Officer’s Notes

@officercia

22 Following
1575 Followers


Officer’s Notes
@officercia
You can use my VIP promo code btw) officer8
0 reply
0 recast
0 reaction

Megapot
@megapot
@officercia has been winning a week straight playing on @usetab and has the receipts to prove it 👀 https://x.com/officer_cia/status/1947094767692603881
3 replies
6 recasts
13 reactions

Officer’s Notes
@officercia
eSIM: Cloning, Interception, and Java Card System Vulnerability
Researchers from Security Explorations have reported a critical vulnerability in eSIM chips from Kigen, which allowed full access to secret keys, cloning of eSIM profiles, and interception of calls and messages without the owner's knowledge.
2 replies
1 recast
9 reactions

Officer’s Notes
@officercia
🎁 I won 32 USDC from lottery on @usetab! Claimed on July 15, 2025.
1 reply
0 recast
2 reactions

Officer’s Notes
@officercia
Source https://securityaffairs.com/179894/security/experts-uncover-critical-flaws-in-kigen-esim-technology-affecting-billions.html?amp
0 reply
0 recast
1 reaction

Officer’s Notes
@officercia
I will, clearly stated in a post on X, missed here https://x.com/officer_cia/status/1946679256668406169?s=46
0 reply
0 recast
0 reaction

Officer’s Notes
@officercia
Attack Demonstration: Cloning an Orange Profile. Researchers demonstrated the attack in the real network of Orange Poland: 🕸 Two phones used the same eSIM profile, 🕸 The second phone completely intercepted calls and SMS, 🕸 The original owner noticed nothing — the eSIM operation appeared unchanged. Kigen chips were certified to EAL4+, GSMA SGP.22 specifications, and secured by Infineon SecurCore SC300. However, even such "rock-solid" security did not protect against the logical vulnerability in Java Card.
1 reply
0 recast
0 reaction

Officer’s Notes
@officercia
Over 2 billion devices are potentially vulnerable — smartphones, IoT, cars, and industrial systems. The threat affects all eSIM manufacturers using Java Card without strict code validation. Attack Capabilities: 🕸 Interception of communications, 🕸 Hacking two-factor authentication, 🕸 Remote backdoor implantation, 🕸 "Bricking" of chips. Kigen has released a patch and updated the specification (GSMA TS.48 v7.0). Added protections include: prohibition of third-party applet installation, RAM protection, and key randomization. The vulnerability received a CVSS score of 6.7. Researchers were awarded $30,000 by GSMA for identifying the issue. This case is not just a bug in one chip but a wake-up call for the entire industry. If the Java Card architecture remains vulnerable, any eSIM chip could become an entry point for cyberattacks. Even having certifications and closed specifications does not guarantee security.
1 reply
0 recast
0 reaction

Officer’s Notes
@officercia
Through the SMS-PP protocol (service SMS), an attacker can send a malicious applet to the device and gain access to the memory where private ECC keys are stored. This enables: ⦁ Forging the GSMA certificate (Generic Test Profile), ⦁ Uploading mobile operator eSIM profiles (AT&T, Vodafone, O2, Orange, etc.) in plain text, ⦁ Cloning the eSIM to another device.
1 reply
0 recast
0 reaction

Officer’s Notes
@officercia
This is the first publicly documented case in history of a successful hack of a consumer eUICC chip certified to the EAL4+ standard and approved by GSMA. The issue lies in the architecture of the Java Card VM used in Kigen chips. It allows the installation and execution of Java applets on eSIMs but does not verify their security at the bytecode level.
1 reply
0 recast
1 reaction

Officer’s Notes
@officercia
Anti-Kidnapping Kit https://officercia.mirror.xyz/s7Bi5ScyF6q39FQkDlHss7zgI-Tu9vpBvrGHmED_KZI
0 reply
1 recast
0 reaction

Officer’s Notes
@officercia
What an amazing piece of technology 👀 I honestly love GridPlus! Much thanks @justinleroux for an awesome birthday gift ❤️
1 reply
1 recast
8 reactions

Officer’s Notes
@officercia
My old article https://officercia.mirror.xyz/OJzFborIrcY66RAaQOGB81RCBzey99w_vbtSGKyHpKU
0 reply
0 recast
0 reaction

Paragraph
@paragraph
Check out @officercia's latest blog post summarizing recent vulnerabilities and arrest developments in the crypto space. Highlighted topics include the CPIMP attack saving millions, notable data breaches, and trends in corporate Bitcoin purchases. There’s so much happening—stay informed!
0 reply
1 recast
1 reaction

Officer’s Notes
@officercia
Researchers from Kaspersky Lab have shared the results of their investigation into an incident involving a blockchain developer who fell victim to a scam. It turned out that a fake extension for the Cursor IDE code editor infected devices with remote access tools and info stealers, which led to the theft of $500,000 in cryptocurrency from the mentioned developer.
1 reply
3 recasts
4 reactions

Officer’s Notes
@officercia
The attackers were able to boost their extension's ranking above legitimate ones in Open VSX search results by bypassing the algorithm and significantly inflating the installation numbers, which prompted the victim to install the malicious extension, mistaking it for a legitimate one. Researchers also found similar extensions in the Microsoft Visual Studio Code store under the names solaibot, among-eth, and blankebesxstnion, which also executed PowerShell scripts to install ScreenConnect and info stealers. Malicious open-source packages continue to pose a serious threat to the crypto industry and remain an attractive way for attackers to profit, as many projects today rely on open-source tools.
1 reply
1 recast
0 reaction

Officer’s Notes
@officercia
The final attack script downloaded a malicious executable from archive[.]org, containing a loader known as VMDetector, which installed Quasar RAT (capable of executing commands on devices) and PureLogs stealer (which steals credentials and authentication cookies from web browsers, as well as cryptocurrency wallet data). According to Kaspersky Lab, Open VSX showed that the extension was downloaded 54,000 times before it was removed on July 2. However, researchers believe that the number of installations was artificially inflated to give it an appearance of legitimacy. The day after, the attackers published a nearly identical version called solidity, increasing the installation count of this extension to nearly two million.
1 reply
0 recast
1 reaction